security = HTTPBase(scheme="Other", description="Other Security Scheme")


@app.get("/users/me")
def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)):
    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_base():
    response = client.get("/users/me", headers={"Authorization": "Other foobar"})

api_key = APIKeyHeader(name="key", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str | None = Security(api_key)):
    if oauth_header is None:
        return None
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User | None = Depends(get_current_user)):
    if current_user is None:

app = FastAPI()

security = HTTPBasic(realm="simple")


@app.get("/users/me")
def read_current_user(credentials: HTTPBasicCredentials = Security(security)):
    return {"username": credentials.username, "password": credentials.password}


client = TestClient(app)


def test_security_http_basic():
    response = client.get("/users/me", auth=("john", "secret"))
    assert response.status_code == 200, response.text

### Додайте `APIRouter` для `users` і `items` { #include-the-apirouters-for-users-and-items }

Тепер додаймо `router` з підмодулів `users` і `items`:

{* ../../docs_src/bigger_applications/app_an_py310/main.py hl[10:11] title["app/main.py"] *}

/// info | Інформація

`users.router` містить `APIRouter` у файлі `app/routers/users.py`.

	var user2 User
	DB.Preload("Company").Preload("Manager").Find(&user2, "id = ?", user.ID)
	CheckUser(t, user2, user)

	user.Company.Name += "new"
	user.Manager.Name += "new"
	if err := DB.Save(&user).Error; err != nil {
		t.Fatalf("errors happened when update: %v", err)
	}

	var user3 User
	DB.Preload("Company").Preload("Manager").Find(&user3, "id = ?", user.ID)
	CheckUser(t, user2, user3)

client = TestClient(app)


def test_security_http_bearer():
    response = client.get("/users/me", headers={"Authorization": "Bearer foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Bearer", "credentials": "foobar"}


def test_security_http_bearer_no_credentials():
    response = client.get("/users/me")
    assert response.status_code == 200, response.text

 * </ul>
 *
 * <p>If no backing thread factory is provided, a default backing thread factory is used as if by
 * calling {@code setThreadFactory(}{@link Executors#defaultThreadFactory()}{@code )}.
 *
 * <p><b>Java 21+ users:</b> consider using the {@code Thread.Builder} interface instead. E.g.,
 * instead of {@code new ThreadFactoryBuilder().setPriority(priority).setDaemon(false).build()}, use

## Obtener el usuario { #get-the-user }

`get_current_user` usará una función de utilidad (falsa) que creamos, que toma un token como un `str` y devuelve nuestro modelo de Pydantic `User`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Inyectar al usuario actual { #inject-the-current-user }

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## 現在のユーザーの注入 { #inject-the-current-user }

ですので、 `get_current_user` に対して同様に *path operation* の中で `Depends` を利用できます。

{* ../../docs_src/security/tutorial002_an_py310.py hl[31] *}

Pydanticモデルの `User` として、 `current_user` の型を宣言することに注意してください。

その関数の中ですべての入力補完や型チェックを行う際に役に立ちます。

/// tip | 豆知識

# 取得目前使用者 { #get-current-user }

在前一章，基於依賴注入系統的安全機制會把一個 `token`（作為 `str`）提供給*路徑操作函式*：

{* ../../docs_src/security/tutorial001_an_py310.py hl[12] *}

但這還不太有用。

讓它改為回傳目前使用者吧。

## 建立使用者模型 { #create-a-user-model }

先建立一個 Pydantic 的使用者模型。

就像用 Pydantic 宣告請求體一樣，我們也可以在其他地方使用它：

{* ../../docs_src/security/tutorial002_an_py310.py hl[5,12:6] *}

## 建立 `get_current_user` 依賴 { #create-a-get-current-user-dependency }